Securing (or Not) Your Right to Vote

Securing (or Not) Your Right to Vote

Article excerpt

Byline: Steven Levy

Next year we'll have the second presidential election since the horribly botched one in 2000. Can we expect better? An answer comes from the highest election official in the most populated state in the Union. Worried about a string of reported vulnerabilities, Debra Bowen, California's secretary of State, had asked computer scientists at the University of California to conduct a "top to bottom" analysis of the thousands of touchscreen electronic voting machines in use in the Golden State. Next year millions of voters will use these systems, manufactured by the industry's largest suppliers, not only in California but in many other states as well.

What did the study reveal? "Things were worse than I thought," says Bowen. "There were far too many ways that people with ill intentions could compromise the voting systems without detection." Some of those security holes could, in theory, allow a dirty trickster with access to a single machine to infiltrate the central vote-counting system and covertly toss an election to the wrong candidate.

It was the most devastating confirmation to date of what security experts have been saying for years: vulnerabilities in election machines are so severe that voters have no way of knowing for sure that the choices they enter into the touchscreens and ballots will actually be counted. "The studies show that these machines are basically poison," says Avi Rubin, a Johns Hopkins computer-science professor and voting-security expert.

Bowen's response, on Aug. 3, was to take the extreme step of decertifying the voting machines (this to the dismay of those defending the touchscreen vendors, who claimed that the tests did not reflect real-world conditions). Because California voters do need something to vote on, though, she allowed the use of some, mandating a rigorous set of controls (like "hardening" the security protocols) to make sure that the flaws aren't exploited. …